doc: add usage of flowbits OR op

author Shivani Bhardwaj <shivanib134@gmail.com>

Sat, 19 Feb 2022 06:33:10 +0000 (12:03 +0530)

committer Shivani Bhardwaj <shivanib134@gmail.com>

Tue, 8 Mar 2022 15:04:15 +0000 (20:34 +0530)
author Shivani Bhardwaj <shivanib134@gmail.com>
Sat, 19 Feb 2022 06:33:10 +0000 (12:03 +0530)
committer Shivani Bhardwaj <shivanib134@gmail.com>
Tue, 8 Mar 2022 15:04:15 +0000 (20:34 +0530)
diff --git a/doc/userguide/rules/flow-keywords.rst b/doc/userguide/rules/flow-keywords.rst

index 73df8341f4ab3473a02dbeae3056e21f05d32d30..f0cad2d3a48acf47f7726a28e33d9956f58dc6a0 100644 (file)
--- a/doc/userguide/rules/flow-keywords.rst
+++ b/doc/userguide/rules/flow-keywords.rst
@@ -53,6 +53,13 @@ will be generated.
  It is possible to use flowbits several times in a rule and combine the
  different functions.
  
+It is also possible to perform an `OR` operation with flowbits with `|` op.
+
+Example::
+  alert http any any -> any any (msg: "User1 or User2 logged in"; content:"login"; flowbits:isset,user1|user2; sid:1;)
+
+This can be used with either `isset` or `isnotset` action.
+
  flow
  ----
author	Shivani Bhardwaj <shivanib134@gmail.com>
	Sat, 19 Feb 2022 06:33:10 +0000 (12:03 +0530)
committer	Shivani Bhardwaj <shivanib134@gmail.com>
	Tue, 8 Mar 2022 15:04:15 +0000 (20:34 +0530)